Configuring Jetty PROXY protocol support to fallback to regular HTTP


Configuring Jetty PROXY protocol support to fallback to regular HTTP

Steven Schlansker
Hello jetty-users,

I am investigating configuring the Proxy connector support as described in
http://www.eclipse.org/jetty/documentation/current/configuring-connectors.html

One thing that I don't feel clear in the documentation is how you might configure
Jetty to accept e.g. both HTTP and Proxy+HTTP connections on the same ServerConnector.

Looking at the code, in fact I'm not sure this is possible -- it seems that if you
don't have a PROXY connection it just gives up:

// Check proxy
if (!"PROXY".equals(_field[0]))
{
    LOG.warn("Not PROXY protocol for {}",getEndPoint());
    close();
    return;
}

We are in the position where we have an Amazon ELB fronting our application,
with TCP passthrough.  We'd like to enable Proxy support, but I fear that doing so
leaves us unable to "upgrade" in place -- we'll have to keep our existing
HTTPS connector and spin up new Proxy+HTTPS connectors, and then additionally
create new ELB instances, and manage a failover to the new pipeline.

If the Jetty code could automatically negotiate the Proxy protocol or not,
we could simply upgrade our application and then enable it on the ELB, a much
simpler and foolproof deployment plan.

Is this possible to configure?  Hopefully I've missed something obvious in
the documentation.

Thanks in advance for any advice,
Steven



_______________________________________________
jetty-users mailing list
[hidden email]
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users


Re: Configuring Jetty PROXY protocol support to fallback to regular HTTP

Steven Schlansker
> On Mar 31, 2016, at 2:14 PM, Steven Schlansker <[hidden email]> wrote:

>
> Hello jetty-users,
>
> I am investigating configuring the Proxy connector support as described in
> http://www.eclipse.org/jetty/documentation/current/configuring-connectors.html
>
> One thing that I don't feel clear in the documentation is how you might configure
> Jetty to accept e.g. both HTTP and Proxy+HTTP connections on the same ServerConnector.
>
> Looking at the code, in fact I'm not sure this is possible -- it seems that if you
> don't have a PROXY connection it just gives up:
>
> // Check proxy
> if (!"PROXY".equals(_field[0]))
> {
>    LOG.warn("Not PROXY protocol for {}",getEndPoint());
>    close();
>    return;
> }

I've spent a couple of hours digging into this.

It looks like it is not possible today, or at least it's really not
obvious.  I'm seeing support for interfaces "UpgradeFrom" and "UpgradeTo"
used to hand off buffers from one type of Connection to the next
through an EndPoint.upgrade.

Unfortunately, it seems that neither Proxy v1 nor v2 support UpgradeFrom,
HTTP only supports UpgradeFrom, and HTTPS neither -- when both would need UpgradeTo.

I'm considering contributing the following changes:

* Implement HttpConnection UpgradeTo
* Implement SslConnection UpgradeTo
* Implement ProxyProtocolV*Connection UpgradeFrom

Is this the right path to be going down?  Is this a valuable contribution?
Has anyone considered working on this, and maybe could do it much more quickly
than I can?

Thanks again,
Steven


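The detection step that the fallback discussed in this thread depends on, as an added example that is not part of the original posts and is not Jetty code: it classifies the first bytes of a connection as PROXY v1, PROXY v2, or something else (plain HTTP or TLS) before any connection type is chosen. The class and method names are hypothetical, the two signatures are the fixed prefixes from the PROXY protocol specification, and the trusted-peer set is an assumption standing in for the load balancer's addresses, since a port that accepts both forms would otherwise let any client assert its own source address.

```java
import java.nio.charset.StandardCharsets;
import java.util.Set;

// Added example: hypothetical names, not Jetty classes.
public class ProxyPreambleSniffer {
    public enum Kind { PROXY_V1, PROXY_V2, NOT_PROXY, NEED_MORE }

    // Fixed prefixes from the PROXY protocol specification.
    private static final byte[] V1 = "PROXY ".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] V2 = {
        0x0D, 0x0A, 0x0D, 0x0A, 0x00, 0x0D, 0x0A, 0x51, 0x55, 0x49, 0x54, 0x0A
    };

    /** Classify the first len bytes read so far, without consuming them. */
    public static Kind classify(byte[] buf, int len) {
        Kind v1 = match(buf, len, V1, Kind.PROXY_V1);
        Kind v2 = match(buf, len, V2, Kind.PROXY_V2);
        if (v1 == Kind.PROXY_V1) return v1;
        if (v2 == Kind.PROXY_V2) return v2;
        // Still a possible prefix of a signature: read more before deciding.
        if (v1 == Kind.NEED_MORE || v2 == Kind.NEED_MORE) return Kind.NEED_MORE;
        return Kind.NOT_PROXY; // hand the untouched bytes to HTTP or TLS
    }

    private static Kind match(byte[] buf, int len, byte[] sig, Kind hit) {
        int n = Math.min(len, sig.length);
        for (int i = 0; i < n; i++)
            if (buf[i] != sig[i]) return Kind.NOT_PROXY;
        return len >= sig.length ? hit : Kind.NEED_MORE;
    }

    /** Honor a PROXY header only when the TCP peer is a known balancer. */
    public static boolean mayHonor(Kind kind, String peer, Set<String> trusted) {
        return (kind == Kind.PROXY_V1 || kind == Kind.PROXY_V2) && trusted.contains(peer);
    }

    public static void main(String[] args) {
        Set<String> trusted = Set.of("10.0.0.5"); // constructed balancer address
        String[] samples = {                      // constructed preambles
            "PROXY TCP4 192.0.2.10 192.0.2.20 51234 443\r\n",
            "GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
            "PRO",
            "\r\n\r\n\0\r\nQUIT\n"
        };
        for (String s : samples) {
            byte[] b = s.getBytes(StandardCharsets.ISO_8859_1);
            Kind k = classify(b, b.length);
            System.out.println(k + " honor=" + mayHonor(k, "10.0.0.5", trusted));
        }
    }
}
```

A `NEED_MORE` result means the decision must wait for further bytes rather than closing the connection, which is the case the quoted `"PROXY".equals(_field[0])` check does not distinguish.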